All too often, big issues -- VoIP, viruses, regulations and others -- are discussed as monoliths. The reality is, of course, that there are subtle differences within each category. Spam is another of these big-picture labels that reveals far a more nuanced and interesting reality when it is carefully investigated. This Network World feature looks at ongoing research in four areas related to spam. More specifically, it links to 12 papers that target unique challenges that criminals (and, perhaps, over-aggressive marketers) are posing. It is important to face spam challenges head on. Spam is big business today -- and is like to grow due to Storm and other botnets, experts say.
The first category the story looks at a relatively new approach, which is to hide spam in images that can bypass filters. The University of Pennsylvania has released a paper detailing how to adjust filters, while researchers at Princeton, Georgia Tech and the University of Cagliari in Italy looked separately at image spam detection systems.
Despite all the esoteric technology that security researchers use, experts invariably point to user education as the best preventative. This is nowhere more true than in the second issue dealt with in the story, which is phishing. Carnegie Mellon University is researching effective ways of helping people recognize phishing exploits. The good news, posted here at DM News, is that Yahoo has relaunched its antispam site. The story says that another helpful site is about CertifiedMail.
The next focus of research is blacklisting, which is the public posting of malicious e-mail addresses and domains so that messages are not accepted from them (in the case of IP addresses) or sent to them (in the case of domains). Efforts to improve this approach -- which is deemed too "reactive" by the author -- is the subject of papers from Dartmouth and Georgia Tech.
Georgia Tech makes another appearance with a paper on how to prevent spam over Internet telephony (SPIT). SPIT figures to be one of the key battlegrounds of the future: As researchers work to neutralize it, criminals increasingly see it as the future of spam. VoIP News says that hackers attacked the VoIP system at Columbia University, where Henning Schulzrinne -- the co-author of the Session Initiation Protocol (SIP), an important VoIP protocol -- teaches.
The next step -- and the next nicknamed exploit to become familiar with -- will be "vishing," or voice phishing. This involves bogus voice mail messages aimed at getting respondents to call back and surrender sensitive data. It also sounds like an area in which end user education will be important.
The sampler of tech papers concludes with some that weren't written on campus (academic ones, that is). The piece links to a Microsoft paper on better ways of differentiating between spam and legitimate e-mail and to an IBM Research document on combining global and personal anti-spam efforts.
There are, of course, valuable projects and initiatives under way that aren't mentioned in the Network World article. For instance, Infoblox's third survey of domain name servers (DNS) found an increasing use of the Sender Policy Framework, a sign of cooperation in spam prevention efforts, according to The Register. The research showed that the percentage using SPF rose five percent to 12.6 percent between 2006 and this year.